earticle

영어

We present a scalable and accurate method for classifying program traces to detect system intrusion attempts. By employing inter-element dependency models to overcome the independence violation problem inherent in the Naïve Bayes learners, our method yields intrusion detectors with better accuracy. For efficient counting of n-gram features without losing accuracy, we use a k-truncated generalized suffix tree (k-TGST) for storing n-gram features. The k-TGST storage mechanism enables to scale up the classifiers, which cannot be easily achieved by SVM (Support Vector Machine) based methods that require implausible computing power and resources for accuracy.